Linux : Reject domain List (httpd & server)

Discussion in 'Linux Networking' started by 2401 members, members can post, Oct 23, 2007.

  1. October 23.2007

    Dear Madams and Sirs,

    Ever had the chance to forbid a website to download HTTP files from
    your Website ?

    Have a pc-linux-gnu on i686 - Apache version is Apache/2.0.50
    (Fedora).

    Point is, there are some undesired websites that downloads our content
    to display it over their websites.

    As an example : they insert in their web-pages : <iframe src="our-
    website.com/file.php"> OR <img src="our-website.com/file.gif"

    These websites are 100% undesired.

    We searched out and asked questions BUT
    .. if we found out how to forbid ONE USER to download a content
    .. if we found out how to forbid USERS to access a file or a directory.

    We could not AT ALL find out how to forbid one website (eg :
    clickandwin.com) to display our content.

    The dreamed situation is a .txt reject list recognized from Linux
    online or Apache.
    to DW any file for the server.

    Does that sounds like impossible : because our searches lead us to
    that conclusion for the time being.
    might have an operational solution ?

    We thank for your answer and address our best consideration.

    Bob
     
    2401 members, members can post, Oct 23, 2007
    #1
    1. Advertisements

  2. Take a look at http://httpd.apache.org/docs/2.2/howto/access.html for
    the full answer to your question. Simplest fix - create a file named
    ..htaccess in your web documents home with the contents

    Order deny,allow
    Deny from clickandwin.com clickformoney.com
    Allow from all


    Doug
     
    Douglas O'Neal, Oct 23, 2007
    #2
    1. Advertisements

  3. Dear Sir,

    Many thanks for your answer BUT :

    There seems to be a solution in PHP.INI, or using an HTACCESS FILE
    (http://www.yorku.ca/computng/students/webpages/central_web/
    htaccess.html), or using APACHE
    (http://www.yorku.ca/computng/students/webpages/central_web/
    htaccess.html)

    If you accept Questions :

    1) Do you implement that in your HTTP.CONF file :

    Order deny,allow
    Deny from zzz.com z1z1z1.com
    Allow from all

    it is not mentioned in the article ?


    2) Why would you rather implement an Apache solution instead of a
    *.INI or *.HTACCESS solution ?



    All my distinguish considerations

    Bob


    ****
    Sorry for clickandwin.com clickformoney.com : these sites are quite
    ok. Just used for non carrefull illustration.
     
    2401 members, members can post, Oct 23, 2007
    #3
  4. PHP is not mentioned in your URL so I cannot comment.
    The grammar in this question is such that I cannot figure out what
    you are asking.
    I suggested using .htaccess because you desired a file-based solution
    in your original post. Apache and .htaccess are not an either/or,
    since access restrictions via .htaccess are defined by the apache
    configuration file. The same restrictions can be put in your
    apache.conf (or whatever the file is used by your distribution) with
    the same effect.
     
    Douglas O'Neal, Oct 23, 2007
    #4
  5. Dear Sir,

    Many thanks for your reply. Would you autoriez us to ask you an
    operational question ?

    1. Two Websites

    /home/virtual/site5/fst/var/www/html/
    /home/virtual/site1/fst/var/www/html/


    2. We implemented on site5 the following script :

    vi .htaccess

    <Limit GET POST>
    order allow,deny
    allow from all
    deny from ad........com
    </Limit>
    <Limit PUT DELETE>
    order deny,allow
    allow from all
    deny from all
    </Limit>
    AuthName "No"
    AuthType Basic
    Require valid-user
    AuthUserFile /home/virtual/site2/fst/var/www/html/.htpasswd


    3) Objective is to fordid the user connected from site1 to DW any
    content from site5

    4) After several trials : That does not work AT ALL

    http://tinyurl.com/2kaqym

    Again, we please send you our thanks,

    My Regards

    Bob
     
    2401 members, members can post, Oct 23, 2007
    #5
  6. 2401 members, members can post

    Joe Beanfish Guest

    Technically you can't prevent the reference from one site to another as
    all you know about is the third party user viewing the page. You'll
    have to resort to legal methods.
     
    Joe Beanfish, Oct 23, 2007
    #6
  7. | 2401 members, members can post wrote:
    |>
    |>
    |>
    |> October 23.2007
    |>
    |> Dear Madams and Sirs,
    |>
    |> Ever had the chance to forbid a website to download HTTP files from
    |> your Website ?
    |>
    |> Have a pc-linux-gnu on i686 - Apache version is Apache/2.0.50
    |> (Fedora).
    |>
    |> Point is, there are some undesired websites that downloads our content
    |> to display it over their websites.
    |>
    |> As an example : they insert in their web-pages : <iframe src="our-
    |> website.com/file.php"> OR <img src="our-website.com/file.gif"
    |>
    |> These websites are 100% undesired.
    |>
    |> We searched out and asked questions BUT
    |> . if we found out how to forbid ONE USER to download a content
    |> . if we found out how to forbid USERS to access a file or a directory.
    |>
    |> We could not AT ALL find out how to forbid one website (eg :
    |> clickandwin.com) to display our content.
    |>
    |> The dreamed situation is a .txt reject list recognized from Linux
    |> online or Apache.
    |>
    |>>From that list clickandwin.com or clickformoney.com would be forbidden
    |> to DW any file for the server.
    |>
    |> Does that sounds like impossible : because our searches lead us to
    |> that conclusion for the time being.
    |>
    |>>From your pro. experience in website configuration, and studies You
    |> might have an operational solution ?
    |>
    |> We thank for your answer and address our best consideration.
    |>
    |> Bob
    |>
    |
    | Take a look at http://httpd.apache.org/docs/2.2/howto/access.html for
    | the full answer to your question. Simplest fix - create a file named
    | .htaccess in your web documents home with the contents
    |
    | Order deny,allow
    | Deny from clickandwin.com clickformoney.com
    | Allow from all


    That won't work. In the situation the original poster described, the
    image is being downloaded by the end users web browser, not the
    offending web sites' web server.

    There may be a way to do this by blocking on the http-referrer header.

    Alternatively, replace the files/images with something amusing and/or
    inappropriate, and change your site to use a different file name.
     
    Paul Colquhoun, Oct 24, 2007
    #7
  8. On Oct 23, 7:30 am, "2401 members, members can post"
    You have three choices:

    1) Implement a technical solution. They will implement a technical
    workaround. The situation will repeat. On the bright side, you will
    require them to do things that will likely prove that they know you
    find their behavior undesirable and that they took affirmative steps
    to workaround it.

    2) Implement a legal solution. Advise them that you find their conduct
    abusive. Talk to a lawyer about whether it may violate copyright laws,
    computer abuse laws, and/or unfair competition laws. Your lawyer may
    even have other ideas. Have him write them a nasty note.

    3) Implement both of the above.

    You can start by filtering on the referer. See pages like this one:
    http://apache-server.com/tutorials/ATimage-theft.html
    Google for "apache restrict referrer".

    DS
     
    David Schwartz, Oct 24, 2007
    #8
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.